endpoints.go raw
1 // Code generated by smithy-go-codegen DO NOT EDIT.
2
3 package ssooidc
4
5 import (
6 "context"
7 "errors"
8 "fmt"
9 "github.com/aws/aws-sdk-go-v2/aws"
10 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
11 internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
12 "github.com/aws/aws-sdk-go-v2/internal/endpoints"
13 "github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
14 internalendpoints "github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints"
15 smithyauth "github.com/aws/smithy-go/auth"
16 smithyendpoints "github.com/aws/smithy-go/endpoints"
17 "github.com/aws/smithy-go/endpoints/private/rulesfn"
18 "github.com/aws/smithy-go/middleware"
19 "github.com/aws/smithy-go/ptr"
20 "github.com/aws/smithy-go/tracing"
21 smithyhttp "github.com/aws/smithy-go/transport/http"
22 "net/http"
23 "net/url"
24 "os"
25 "strings"
26 )
27
28 // EndpointResolverOptions is the service endpoint resolver options
29 type EndpointResolverOptions = internalendpoints.Options
30
31 // EndpointResolver interface for resolving service endpoints.
32 type EndpointResolver interface {
33 ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
34 }
35
36 var _ EndpointResolver = &internalendpoints.Resolver{}
37
38 // NewDefaultEndpointResolver constructs a new service endpoint resolver
39 func NewDefaultEndpointResolver() *internalendpoints.Resolver {
40 return internalendpoints.New()
41 }
42
43 // EndpointResolverFunc is a helper utility that wraps a function so it satisfies
44 // the EndpointResolver interface. This is useful when you want to add additional
45 // endpoint resolving logic, or stub out specific endpoints with custom values.
46 type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)
47
48 func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
49 return fn(region, options)
50 }
51
52 // EndpointResolverFromURL returns an EndpointResolver configured using the
53 // provided endpoint url. By default, the resolved endpoint resolver uses the
54 // client region as signing region, and the endpoint source is set to
55 // EndpointSourceCustom.You can provide functional options to configure endpoint
56 // values for the resolved endpoint.
57 func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver {
58 e := aws.Endpoint{URL: url, Source: aws.EndpointSourceCustom}
59 for _, fn := range optFns {
60 fn(&e)
61 }
62
63 return EndpointResolverFunc(
64 func(region string, options EndpointResolverOptions) (aws.Endpoint, error) {
65 if len(e.SigningRegion) == 0 {
66 e.SigningRegion = region
67 }
68 return e, nil
69 },
70 )
71 }
72
73 type ResolveEndpoint struct {
74 Resolver EndpointResolver
75 Options EndpointResolverOptions
76 }
77
78 func (*ResolveEndpoint) ID() string {
79 return "ResolveEndpoint"
80 }
81
82 func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
83 out middleware.SerializeOutput, metadata middleware.Metadata, err error,
84 ) {
85 if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
86 return next.HandleSerialize(ctx, in)
87 }
88
89 req, ok := in.Request.(*smithyhttp.Request)
90 if !ok {
91 return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
92 }
93
94 if m.Resolver == nil {
95 return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
96 }
97
98 eo := m.Options
99 eo.Logger = middleware.GetLogger(ctx)
100
101 var endpoint aws.Endpoint
102 endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo)
103 if err != nil {
104 nf := (&aws.EndpointNotFoundError{})
105 if errors.As(err, &nf) {
106 ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false)
107 return next.HandleSerialize(ctx, in)
108 }
109 return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
110 }
111
112 req.URL, err = url.Parse(endpoint.URL)
113 if err != nil {
114 return out, metadata, fmt.Errorf("failed to parse endpoint URL: %w", err)
115 }
116
117 if len(awsmiddleware.GetSigningName(ctx)) == 0 {
118 signingName := endpoint.SigningName
119 if len(signingName) == 0 {
120 signingName = "sso-oauth"
121 }
122 ctx = awsmiddleware.SetSigningName(ctx, signingName)
123 }
124 ctx = awsmiddleware.SetEndpointSource(ctx, endpoint.Source)
125 ctx = smithyhttp.SetHostnameImmutable(ctx, endpoint.HostnameImmutable)
126 ctx = awsmiddleware.SetSigningRegion(ctx, endpoint.SigningRegion)
127 ctx = awsmiddleware.SetPartitionID(ctx, endpoint.PartitionID)
128 return next.HandleSerialize(ctx, in)
129 }
130 func addResolveEndpointMiddleware(stack *middleware.Stack, o Options) error {
131 return stack.Serialize.Insert(&ResolveEndpoint{
132 Resolver: o.EndpointResolver,
133 Options: o.EndpointOptions,
134 }, "OperationSerializer", middleware.Before)
135 }
136
137 func removeResolveEndpointMiddleware(stack *middleware.Stack) error {
138 _, err := stack.Serialize.Remove((&ResolveEndpoint{}).ID())
139 return err
140 }
141
142 type wrappedEndpointResolver struct {
143 awsResolver aws.EndpointResolverWithOptions
144 }
145
146 func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
147 return w.awsResolver.ResolveEndpoint(ServiceID, region, options)
148 }
149
150 type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error)
151
152 func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, options ...interface{}) (aws.Endpoint, error) {
153 return a(service, region)
154 }
155
156 var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil)
157
158 // withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver.
159 // If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error,
160 // and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked
161 // via its middleware.
162 //
163 // If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated.
164 func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver {
165 var resolver aws.EndpointResolverWithOptions
166
167 if awsResolverWithOptions != nil {
168 resolver = awsResolverWithOptions
169 } else if awsResolver != nil {
170 resolver = awsEndpointResolverAdaptor(awsResolver.ResolveEndpoint)
171 }
172
173 return &wrappedEndpointResolver{
174 awsResolver: resolver,
175 }
176 }
177
178 func finalizeClientEndpointResolverOptions(options *Options) {
179 options.EndpointOptions.LogDeprecated = options.ClientLogMode.IsDeprecatedUsage()
180
181 if len(options.EndpointOptions.ResolvedRegion) == 0 {
182 const fipsInfix = "-fips-"
183 const fipsPrefix = "fips-"
184 const fipsSuffix = "-fips"
185
186 if strings.Contains(options.Region, fipsInfix) ||
187 strings.Contains(options.Region, fipsPrefix) ||
188 strings.Contains(options.Region, fipsSuffix) {
189 options.EndpointOptions.ResolvedRegion = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
190 options.Region, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
191 options.EndpointOptions.UseFIPSEndpoint = aws.FIPSEndpointStateEnabled
192 }
193 }
194
195 }
196
197 func resolveEndpointResolverV2(options *Options) {
198 if options.EndpointResolverV2 == nil {
199 options.EndpointResolverV2 = NewDefaultEndpointResolverV2()
200 }
201 }
202
203 func resolveBaseEndpoint(cfg aws.Config, o *Options) {
204 if cfg.BaseEndpoint != nil {
205 o.BaseEndpoint = cfg.BaseEndpoint
206 }
207
208 _, g := os.LookupEnv("AWS_ENDPOINT_URL")
209 _, s := os.LookupEnv("AWS_ENDPOINT_URL_SSO_OIDC")
210
211 if g && !s {
212 return
213 }
214
215 value, found, err := internalConfig.ResolveServiceBaseEndpoint(context.Background(), "SSO OIDC", cfg.ConfigSources)
216 if found && err == nil {
217 o.BaseEndpoint = &value
218 }
219 }
220
221 func bindRegion(region string) (*string, error) {
222 if region == "" {
223 return nil, nil
224 }
225 if !rulesfn.IsValidHostLabel(region, true) {
226 return nil, fmt.Errorf("invalid input region %s", region)
227 }
228
229 return aws.String(endpoints.MapFIPSRegion(region)), nil
230 }
231
232 // EndpointParameters provides the parameters that influence how endpoints are
233 // resolved.
234 type EndpointParameters struct {
235 // The AWS region used to dispatch the request.
236 //
237 // Parameter is
238 // required.
239 //
240 // AWS::Region
241 Region *string
242
243 // When true, use the dual-stack endpoint. If the configured endpoint does not
244 // support dual-stack, dispatching the request MAY return an error.
245 //
246 // Defaults to
247 // false if no value is provided.
248 //
249 // AWS::UseDualStack
250 UseDualStack *bool
251
252 // When true, send this request to the FIPS-compliant regional endpoint. If the
253 // configured endpoint does not have a FIPS compliant endpoint, dispatching the
254 // request will return an error.
255 //
256 // Defaults to false if no value is
257 // provided.
258 //
259 // AWS::UseFIPS
260 UseFIPS *bool
261
262 // Override the endpoint used to send this request
263 //
264 // Parameter is
265 // required.
266 //
267 // SDK::Endpoint
268 Endpoint *string
269 }
270
271 // ValidateRequired validates required parameters are set.
272 func (p EndpointParameters) ValidateRequired() error {
273 if p.UseDualStack == nil {
274 return fmt.Errorf("parameter UseDualStack is required")
275 }
276
277 if p.UseFIPS == nil {
278 return fmt.Errorf("parameter UseFIPS is required")
279 }
280
281 return nil
282 }
283
284 // WithDefaults returns a shallow copy of EndpointParameterswith default values
285 // applied to members where applicable.
286 func (p EndpointParameters) WithDefaults() EndpointParameters {
287 if p.UseDualStack == nil {
288 p.UseDualStack = ptr.Bool(false)
289 }
290
291 if p.UseFIPS == nil {
292 p.UseFIPS = ptr.Bool(false)
293 }
294 return p
295 }
296
297 type stringSlice []string
298
299 func (s stringSlice) Get(i int) *string {
300 if i < 0 || i >= len(s) {
301 return nil
302 }
303
304 v := s[i]
305 return &v
306 }
307
308 // EndpointResolverV2 provides the interface for resolving service endpoints.
309 type EndpointResolverV2 interface {
310 // ResolveEndpoint attempts to resolve the endpoint with the provided options,
311 // returning the endpoint if found. Otherwise an error is returned.
312 ResolveEndpoint(ctx context.Context, params EndpointParameters) (
313 smithyendpoints.Endpoint, error,
314 )
315 }
316
317 // resolver provides the implementation for resolving endpoints.
318 type resolver struct{}
319
320 func NewDefaultEndpointResolverV2() EndpointResolverV2 {
321 return &resolver{}
322 }
323
324 // ResolveEndpoint attempts to resolve the endpoint with the provided options,
325 // returning the endpoint if found. Otherwise an error is returned.
326 func (r *resolver) ResolveEndpoint(
327 ctx context.Context, params EndpointParameters,
328 ) (
329 endpoint smithyendpoints.Endpoint, err error,
330 ) {
331 params = params.WithDefaults()
332 if err = params.ValidateRequired(); err != nil {
333 return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err)
334 }
335 _UseDualStack := *params.UseDualStack
336 _ = _UseDualStack
337 _UseFIPS := *params.UseFIPS
338 _ = _UseFIPS
339
340 if exprVal := params.Endpoint; exprVal != nil {
341 _Endpoint := *exprVal
342 _ = _Endpoint
343 if _UseFIPS == true {
344 return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported")
345 }
346 if _UseDualStack == true {
347 return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported")
348 }
349 uriString := _Endpoint
350
351 uri, err := url.Parse(uriString)
352 if err != nil {
353 return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
354 }
355
356 return smithyendpoints.Endpoint{
357 URI: *uri,
358 Headers: http.Header{},
359 }, nil
360 }
361 if exprVal := params.Region; exprVal != nil {
362 _Region := *exprVal
363 _ = _Region
364 if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
365 _PartitionResult := *exprVal
366 _ = _PartitionResult
367 if _UseFIPS == true {
368 if _UseDualStack == true {
369 if true == _PartitionResult.SupportsFIPS {
370 if true == _PartitionResult.SupportsDualStack {
371 uriString := func() string {
372 var out strings.Builder
373 out.WriteString("https://oidc-fips.")
374 out.WriteString(_Region)
375 out.WriteString(".")
376 out.WriteString(_PartitionResult.DualStackDnsSuffix)
377 return out.String()
378 }()
379
380 uri, err := url.Parse(uriString)
381 if err != nil {
382 return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
383 }
384
385 return smithyendpoints.Endpoint{
386 URI: *uri,
387 Headers: http.Header{},
388 }, nil
389 }
390 }
391 return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both")
392 }
393 }
394 if _UseFIPS == true {
395 if _PartitionResult.SupportsFIPS == true {
396 if _PartitionResult.Name == "aws-us-gov" {
397 uriString := func() string {
398 var out strings.Builder
399 out.WriteString("https://oidc.")
400 out.WriteString(_Region)
401 out.WriteString(".amazonaws.com")
402 return out.String()
403 }()
404
405 uri, err := url.Parse(uriString)
406 if err != nil {
407 return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
408 }
409
410 return smithyendpoints.Endpoint{
411 URI: *uri,
412 Headers: http.Header{},
413 }, nil
414 }
415 uriString := func() string {
416 var out strings.Builder
417 out.WriteString("https://oidc-fips.")
418 out.WriteString(_Region)
419 out.WriteString(".")
420 out.WriteString(_PartitionResult.DnsSuffix)
421 return out.String()
422 }()
423
424 uri, err := url.Parse(uriString)
425 if err != nil {
426 return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
427 }
428
429 return smithyendpoints.Endpoint{
430 URI: *uri,
431 Headers: http.Header{},
432 }, nil
433 }
434 return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS")
435 }
436 if _UseDualStack == true {
437 if true == _PartitionResult.SupportsDualStack {
438 uriString := func() string {
439 var out strings.Builder
440 out.WriteString("https://oidc.")
441 out.WriteString(_Region)
442 out.WriteString(".")
443 out.WriteString(_PartitionResult.DualStackDnsSuffix)
444 return out.String()
445 }()
446
447 uri, err := url.Parse(uriString)
448 if err != nil {
449 return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
450 }
451
452 return smithyendpoints.Endpoint{
453 URI: *uri,
454 Headers: http.Header{},
455 }, nil
456 }
457 return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
458 }
459 uriString := func() string {
460 var out strings.Builder
461 out.WriteString("https://oidc.")
462 out.WriteString(_Region)
463 out.WriteString(".")
464 out.WriteString(_PartitionResult.DnsSuffix)
465 return out.String()
466 }()
467
468 uri, err := url.Parse(uriString)
469 if err != nil {
470 return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
471 }
472
473 return smithyendpoints.Endpoint{
474 URI: *uri,
475 Headers: http.Header{},
476 }, nil
477 }
478 return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
479 }
480 return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region")
481 }
482
483 type endpointParamsBinder interface {
484 bindEndpointParams(*EndpointParameters)
485 }
486
487 func bindEndpointParams(ctx context.Context, input interface{}, options Options) (*EndpointParameters, error) {
488 params := &EndpointParameters{}
489
490 region, err := bindRegion(options.Region)
491 if err != nil {
492 return nil, err
493 }
494 params.Region = region
495
496 params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled)
497 params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled)
498 params.Endpoint = options.BaseEndpoint
499
500 if b, ok := input.(endpointParamsBinder); ok {
501 b.bindEndpointParams(params)
502 }
503
504 return params, nil
505 }
506
507 type resolveEndpointV2Middleware struct {
508 options Options
509 }
510
511 func (*resolveEndpointV2Middleware) ID() string {
512 return "ResolveEndpointV2"
513 }
514
515 func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
516 out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
517 ) {
518 _, span := tracing.StartSpan(ctx, "ResolveEndpoint")
519 defer span.End()
520
521 if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
522 return next.HandleFinalize(ctx, in)
523 }
524
525 req, ok := in.Request.(*smithyhttp.Request)
526 if !ok {
527 return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
528 }
529
530 if m.options.EndpointResolverV2 == nil {
531 return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
532 }
533
534 params, err := bindEndpointParams(ctx, getOperationInput(ctx), m.options)
535 if err != nil {
536 return out, metadata, fmt.Errorf("failed to bind endpoint params, %w", err)
537 }
538 endpt, err := timeOperationMetric(ctx, "client.call.resolve_endpoint_duration",
539 func() (smithyendpoints.Endpoint, error) {
540 return m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
541 })
542 if err != nil {
543 return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
544 }
545
546 span.SetProperty("client.call.resolved_endpoint", endpt.URI.String())
547
548 if endpt.URI.RawPath == "" && req.URL.RawPath != "" {
549 endpt.URI.RawPath = endpt.URI.Path
550 }
551 req.URL.Scheme = endpt.URI.Scheme
552 req.URL.Host = endpt.URI.Host
553 req.URL.Path = smithyhttp.JoinPath(endpt.URI.Path, req.URL.Path)
554 req.URL.RawPath = smithyhttp.JoinPath(endpt.URI.RawPath, req.URL.RawPath)
555 for k := range endpt.Headers {
556 req.Header.Set(k, endpt.Headers.Get(k))
557 }
558
559 rscheme := getResolvedAuthScheme(ctx)
560 if rscheme == nil {
561 return out, metadata, fmt.Errorf("no resolved auth scheme")
562 }
563
564 opts, _ := smithyauth.GetAuthOptions(&endpt.Properties)
565 for _, o := range opts {
566 rscheme.SignerProperties.SetAll(&o.SignerProperties)
567 }
568
569 span.End()
570 return next.HandleFinalize(ctx, in)
571 }
572